package com.javasm.mingming.adminuser.controller;

import com.javasm.mingming.adminuser.entity.AdminUser;
import com.javasm.mingming.adminuser.service.AdminUserService;
import com.javasm.mingming.common.R;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;
import java.util.List;

/**
 * @author javasm
 * @version 0.1
 * @className TestController
 * @descriptioin:
 * @date 2025/1/15 10:46
 * @since jdk11
 */
@RestController
@RequestMapping("/test1")
public class TestController {


    //角色继承失效了
   //@Secured({"ROLE_super_admin"})
    //PreAuthorize角色继承生效了
    @PreAuthorize("hasRole('ROLE_super_admin')")
    @GetMapping("/f1")
    public R f1(){
        return R.ok("f1方法,只有super_admin可以访问");
    }
    //@Secured("ROLE_admin")
    @PreAuthorize("hasRole('ROLE_admin')")
    @GetMapping("/f2")
    public R f2(){
        return R.ok("f2方法,只有admin可以访问");
    }
    //@Secured({"ROLE_super_admin","ROLE_admin"})
    @PreAuthorize("hasAnyRole('ROLE_super_admin','ROLE_admin')")
    @GetMapping("/f3")
    public R f3(){
        return R.ok("f3方法,只有admin,super_admin可以访问");
    }


    @GetMapping("/f4")
    public R f4(){
        return R.ok("f4方法,只有admin,super_admin可以访问");
    }

    @PreAuthorize("hasAuthority('admin')")
    @GetMapping("/f5")
    public R f5(){
        return R.ok("f5方法,只有admin标识可以访问");
    }
    @PreAuthorize("hasAuthority('test')")
    @GetMapping("/f6")
    public R f6(){
        return R.ok("f6方法,只有test标识可以访问");
    }
    @PreAuthorize("hasAnyAuthority('admin','test')")
    @GetMapping("/f7")
    public R f7(){
        System.out.println("f7方法,只有admin,test标识可以访问-------------------------------");
        return R.ok("f7方法,只有admin,test标识可以访问");
    }

    @PostAuthorize("hasAnyAuthority('admin','test')")
    @GetMapping("/f8")
    public R f8(){
        System.out.println("=======================================f8方法,只有admin,test标识可以访问");
        return R.ok("f8方法,只有admin,test标识可以访问");
    }

    //不是拦截是否允许访问,是过滤参数
    @PreFilter("filterObject.roleId > 1 ")
    @GetMapping("/f9")
    public R f9(@RequestBody List<AdminUser> list){
        return R.ok(list);
    }

    @Resource
    AdminUserService adminUserService;
    @PostFilter("filterObject.roleId > 1")
    @GetMapping("/f10")
    public List<AdminUser> f10(){
        List<AdminUser> list = adminUserService.list();
        return list;
    }

    //@bean对象.方法名,传入参数,
    //如果返回true,允许访问当前方法
    //如果返回false,不允许访问,没有权限
    @PreAuthorize("@javasmExpressAuthorize.f1('admin')")
    @GetMapping("/f11")
    public R f11(){
        System.out.println("=======================================f111");
        return R.ok("f11111");
    }


    @PreAuthorize("@javasmPreAuthorize.check('admin')")
    @GetMapping("/f12")
    public R f12(){
        System.out.println("=======================================f12222");
        return R.ok("f12222");
    }

    @PreAuthorize("@javasmMenuAuthorize.check('/room/info')")
    @GetMapping("/f13")
    public R f13(){
        return R.ok("f13");
    }

}
